I am a designer and developer and content strategist. I use my experience as a magazine art director and web editor to help publishers, marketers, non-profits and self-branded individuals tell their stories in words and images. I follow all of the technologies that relate to the content business and try to identify the opportunities and pitfalls that these technologies pose. At the same time I am immersed in certain sectors through my content practice and am always looking to find connections between the worlds of neurology, economics, entertainment, travel and mobile technology. I live near the appropriately-scaled metropolis of Portland, Maine, and participate in its innovation economy (more stories at liveworkportland.org. A more complete bio and samples of my design work live at wingandko.com.

Google's New Chrome Browser Can Take Over Your Webcam, Should You Be Scared?

The new release of Google‘s Chrome browser has a bit of a surprise in it for users who don’t follow the technical side of this stuff. I warn you, at first glance, the idea may seem scary.

Chrome 21, which updates automatically for (most) users who have auto-updates enabled, contains support for a JavaScript API (Application Programming Interface) that allows the browser to access the webcam and microphone built into (or attached) to your computer or device. What, you might say, my computer can spy on me? OK, take a breath, let’s talk this through.

First, you might not realize that this is already possible on your computer through plugins, namely Adobe Flash and Microsoft Silverlight. And, I won’t lie to you, there are examples of evil hackers creating malware that uses these plugins to gain access to the “live stream” from victim’s computers. ComputerWorld reported on just such an scheme a couple of months ago that was used to defraud online banking customers.

Second, as great a headline as it might be to say “Google is spying on you with your own webcam!” this sensationalism would be no more true than saying that Adobe or Microsoft have been spying on you for years. They haven’t been.

Once you get past the scary headlines that are bound to pop up, like, “Google Switches On Browser Spy Cam in Chrome” (on MSNBC), you will realize that (on a security level) not much has changed. Once you have a plugin like Flash enabled in your browser, it becomes a bolted-on part of your computing environment, no more or less secure than if the same functionality were native to your browser.

On the positive side of the equation, though, native support for webcams and microphones, what is know as WebRTC (for Web Real-Time Communication, an HTML5 standard being drafted by the World Wide Web Consortium (W3C)), creates whole new vistas for what can now be done on the web. I asked web standards advocate Jeffrey Zeldman what he thinks about this development. “Adding camera access via a web standard sounds pretty cool to me,” he writes. “I don’t think this means the end of native apps or a new era of malicious spying (although I suppose the latter is always a concern). I do think it opens new creative possibilities for designers and developers of desktop and mobile web apps.”

But what about that “malicious spying”? I asked mobile consultant Luke Wroblewski, and he replied, “Personally, I think a lot of smart people have thought real hard about this issue.” One of those smart people is Scott Jehl of Filament Group in Boston, the studio that recently helped The Boston Globe become the first major newspaper to switch to a responsive design for its website. “I don’t think users should be concerned about it,” says Jehl. “It’s a great feature.”

Jehl is a performance hacker who eats HTTP requests for breakfast. He is not part of the security task force for this project, but he has done his own testing of the getUserMedia API implementation in Chrome. He likes that the new features “go through the same security verifications that users already see in other existing Chrome APIs, like geo-location,” and that, “this feature was already available in the Opera browser’s desktop and mobile versions, so it has been in the wild for some time for a large number of people. Making this sort of functionality work natively in the browser, rather than having to rely on proprietary plugins, is a big win for users and developers alike.”

The comparison to geo-location permissions is apt, and users should apply the same degree of awareness and caution with real time communication streams as they do with location information or secure (https) connections. Google presents it this way in its official blogpost on the new Chrome release, “What if web apps could see? What if they could hear? In today’s Chrome Stable release, when you give them permission, they can.” [the bolding is mine]. The empahasis on explicit permissions is clearly built into Chrome’s implementation of this standard. Other browser makers are advised to follow suit.

The Internet Engineering Task Force (IETF) is holding one of their triannual meetings (this time in Vancouver) this week. This group has been pivotal in geeking out on the details to make those permissions be as bulletproof as possible. Have a look at this slide deck for a (highly encrypted!) breakdown of the technical security considerations discussed at a meeting last year.

What can you do now once you have Chrome 21? The image above shows me playing with the Magic Xylophone (by Romuald Quantin at Stinkdigital in London), a low-end augmented reality (AR) virtual instrument. Move your fingers near the top of your webcams “frame” and you can play the different notes on the scale. It’s no Leap Motion, but it is a fun way to get “input” into a game or app. Webcam Toy, by Paul Neave, lets you apply some fun real time effects to your video stream. Coolest perhaps are the kaleidoscope (self-explanatory) and the filmstrip, which shows you a grid of identical images of yourself offset just slightly in time so that a motion in the top right corner “ripples” through each row down the screen.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.